
Proposal of Network Security Management architecture using Programmable Network Technology  

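김명은 (Network Security Architecture Research Team, Electronics and Telecommunications Research Institute)
오승희 (Network Security Architecture Research Team, Electronics and Telecommunications Research Institute)
김광식 (Network Security Architecture Research Team, Electronics and Telecommunications Research Institute)
남택용 (Network Security Architecture Research Team, Electronics and Telecommunications Research Institute)
손승원 (Network Security Architecture Research Division, Electronics and Telecommunications Research Institute)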
Abstract
In this paper, we propose a security management architecture that efficiently manages security systems produced by different companies, and programmable middleware that can reduce the load of management traffic. The proposed architecture applies programmable network technology to policy-based network management (PBNM). It manages various security systems and has them cooperate using security policy. The programmable middleware also provides convenience of management and reduces the overhead of a policy server by translating security policy into execution commands. In addition, using the programmable middleware, an administrator can manage various security systems produced by different companies. We showed that the programmable middleware could reduce the load of management traffic by comparing the processing time for enforcing and transferring policies/messages between the proposed architecture and the PBNM architecture.
Keywords
network security; security management architecture; security policy; programmable network